cfo-au logo
Story image

The weaponisation of AI: how to defend against machine generated cyber attacks

Article written by Neustar senior VP, technologist and fellow Rodney Joffe 

Over the past couple of years, Artificial Intelligence (AI) and machine learning have progressed unchecked to remarkably sophisticated levels with their unprecedented growth also leading to the development of many beneficial applications. Applications ranging from virtual assistants, like Alexa and Siri, to advanced data analytics and autonomous vehicles are just some ways in which both AI and machine learning has seamlessly evolved and integrated into our everyday lives.

According to the Malicious Use of Artificial Intelligence report, the ‘weaponisation’ of AI was predicted to be one of the biggest cybersecurity threats of 2018. The report - contributed to by 26 authors from 14 different institutions including academia, civil societies and industries - believes that while hackers will definitely exploit machine learning for malicious purposes, this development means that they now have to ability to target much larger organisations and cause extensive widespread damage.

AI: The new weapon of choice?

Unlike more ‘traditional’ forms of malware, AI has proven to be the ideal tool for conducting DDoS attacks. AI is easily scalable, extremely efficient and capable of making automated decisions, such as who, what, when, where and how to attack a network. In fact, in many cases, AI is actually capable of better decision making and efficiency than humans.

It has the capacity to create personalised phishing attacks by collecting and analysing information on their preferred targets from publicly available sources including a person’s or businesses online presence, such as their Facebook or LinkedIn profiles.

As AI continues to learn, and attacks become more complex, how can IT managers safeguard their companies from ongoing threats?

Defending against the rise of the machines

The rise of machine-generated attacks may be cause for concern, however, there are processes that can be implemented to prevent organisations from falling prey to these attacks. The first step is to make sure that appropriate measures are in place, which may include patch and threat management systems, as well as identification and encryption of vulnerable data to suit organisational circumstances.

While these systems are an important piece of the puzzle, the most vital part of protecting your network is being proactive about network security. How is this achieved? By ensuring that your organisation has the capability to rapidly change course when necessary, just as AI can.

Once all of these controls have been implemented it is extremely important to clearly define what your organisation requires in terms of processes and procedures.  Many believe that implementing DDoS mitigation technology as a stand-alone defence system is sufficient, however, this is simply not the case.

Even in a best-case scenario the most advanced mitigation solutions in the world are only as good as the processes that are in place to support it. Mitigation software is not a standalone answer.

It is essential that all IT managers have a concrete understanding and a deep knowledge of what is normal for their systems. This can be a massive challenge and is why having a very clear understanding of your company’s assets and how they communicate and interact with one another can provide unmatched value.

When processes are firmly ingrained, it then becomes less challenging for organisations to easily identify, quarantine and investigating events that are not considered the norm.

While many organisational leaders aim to make this a quarterly process this is not frequent enough to stay on top of potential discrepancies. Instead, making strict security and governance a daily process better ensures that they can completely safeguard themselves against potential attacks.

As the mainstream adoption and acceptance of AI continues to grow rapidly, cybercriminals will continue to adapt and find new opportunities to create chaos within an organisation. However, much like self-learn technology, which continues to grow smarter and better – as it is designed to do – organisations and their IT managers must also learn how to continuously adapt and improve their proactive defence.

This can be done by making sure that they have a crystal clear understanding of their networks. By ensuring that they have a solid understanding they can be confident in their ability to internally detect any anomalies and are well prepared to protect their organisations against even the most unpredictable AI attacks.

Link image
Gartner report: Why SD-WAN is becoming the de-facto option
Network service providers are increasingly challenged by established and new competition in the overlay SD-WAN management as well as in the underlay WAN transport, the report says.More
Story image
Innovation a necessity in a crisis - Microsoft report
Almost all (98%) organisations with the most mature culture of innovation leaders agree that innovation is a necessity to stay resilient during a crisis.More
Story image
Blue Prism extends human-to-digital worker collaboration with new Interact capability
Blue Prism Interact is a human-to-digital worker collaboration capability that enables employees to team up with digital workers to initiate, instruct, verify, receive, and authorise a variety of business processes through the digital workforce.More
Story image
ServiceNow extends Microsoft partnership with new Teams functionality
Powered by ServiceNow’s digital workflow platform, the Now Platform, the new capabilities are also said to improve agent productivity by enabling them to more effectively collaborate and complete key tasks in Microsoft Teams.More
Link image
VR a leading factor in edge computing, says Gartner
Edge architectures and technologies, including VR, will be an essential component of innovative products and services.More
Link image
Gartner: Edge and IoT deployments are stretching infrastructures
In the future, the role of infrastructure and operations will be to manage the global infrastructure and its associated services, moving away from only hardware and software.More